agent security skill risk: medium

Covenant C2 Red Team Operations Guide

The prompt provides steps to authenticate to the Covenant API, create listeners, generate launchers, deploy and manage grunts, and produce a JSON operations report for authorized r…

Policy sensitive
Human review
External action: medium

SKILL 4 files · 2 folders

SKILL.md

Download

---
name: performing-red-team-with-covenant
description: "Conduct red team operations using the Covenant C2 framework for authorized adversary simulation, including listener"
---
# Performing Red Team Operations with Covenant C2

## Overview

Covenant is a collaborative .NET C2 framework for red teamers that provides a Swagger-documented REST API for managing listeners, launchers, grunts (agents), and tasks. This skill covers automating Covenant operations through its API for authorized red team engagements: creating HTTP/HTTPS listeners, generating binary and PowerShell launchers, deploying grunts, executing tasks on compromised hosts, and tracking lateral movement.


## When to Use

- When conducting security assessments that involve performing red team with covenant
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing

## Prerequisites

- Covenant C2 server deployed (Docker or .NET 6)
- Python 3.9+ with `requests` library
- Covenant API token (obtained via /api/users/login)
- Written authorization for red team engagement
- Isolated lab or authorized target environment

## Steps

### Step 1: Authenticate to Covenant API
Obtain a JWT token by posting credentials to /api/users/login endpoint.

### Step 2: Create Listener
Configure an HTTP or HTTPS listener with callback URLs and bind address.

### Step 3: Generate Launcher
Create a binary, PowerShell, or MSBuild launcher tied to the listener for grunt deployment.

### Step 4: Deploy and Manage Grunts
Monitor grunt callbacks, execute tasks, and collect output from compromised hosts.

### Step 5: Document Operations
Generate an operations report documenting all actions, timestamps, and findings.

## Expected Output

JSON report with listener configuration, active grunts, executed tasks, and task output for engagement documentation.

REQUIRED CONTEXT

Covenant C2 server
Python 3.9+ with requests
Covenant API token
written authorization

EXPECTED OUTPUT

Format

json

Schema

json_schema · listener configuration, active grunts, executed tasks, task output

Constraints

include listener configuration
include active grunts
include executed tasks
include task output

CAVEATS

Dependencies

Covenant C2 server deployed (Docker or .NET 6)
Python 3.9+ with `requests` library
Covenant API token (obtained via /api/users/login)
Written authorization for red team engagement
Isolated lab or authorized target environment

Missing context

Exact API endpoint details and request/response schemas beyond the login endpoint
Error handling or authentication refresh procedures
Specific output schema for the JSON report

Ambiguities

Step descriptions are high-level without concrete API calls, parameters, or code examples.
Name field contains truncated phrase 'including listener'.

QUALITY

OVERALL: 0.62
CLARITY: 0.80
SPECIFICITY: 0.55
REUSABILITY: 0.50
COMPLETENESS: 0.60

IMPROVEMENT SUGGESTIONS

Add concrete curl or Python examples for each step using the documented Swagger endpoints.
Include placeholder variables (e.g., {{listener_name}}, {{target_host}}) to improve reusability as a template.

USAGE

Copy the prompt above and paste it into your AI of choice — Claude, ChatGPT, Gemini, or anywhere else you're working. Replace any placeholder sections with your own context, then ask for the output.